The manuscript at www.statcounter  com/counter/counter. js was customized by the attackers to add a piece of code in the middle of the manuscript. Generally hackers add code at the beginning or at the end of the script. Including code in the middle of a manuscript can stay clear of discovery as a questionable code in the middle of the manuscript is more challenging to recognize.
The item of code added by the hackers was set to detect any type of LINK that contains myaccount/withdraw/BTC. This implies that cyberpunks were attempting to swipe Bitcoin from a platform which traded Bitcoin. After successful recognition of the wanted URL, the manuscript will certainly include a new manuscript component to the page connected to the LINK as well as fuse the code at https://www.statconuter  com/c. php.
Hacking done the clever means
The domain utilized by the cyberpunks is extremely comparable to the initial domain name. The hackers have turned 2 letters from StatCounter, that makes it more difficult to spot the harmful script. According to the report this domain has actually been put on hold in 2010 on account of spam as well as misuse.
The study discovered that the LINK, myaccount/withdraw/BTC, targeted by the code was energetic on only one page as well as the page belonged to Gate.io, a crypto exchange. Therefore, the research study ends that Gate.io was the major target of the hack. Gate.io features over a million bitcoin deals indicating that the burglarizing Bitcoins from the exchange cane pay.
The web page https://www.gate  io/myaccount/withdraw/ BTC is used to move bitcoin from a gate.io account to an external Bitcoin address. Throughout the 2nd step in the deal procedure when the individual clicks the submit button for the withdrawal, the harmful manuscript will change the destination Bitcoin address. The hackers seem have increased the stake by transforming the Bitcoin address with each deal making it difficult to identify the variety of Bitcoins transferred to phony addresses.